5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d | Triage

Resubmissions

23-11-2024 18:20

241123-wyxalswman 10

23-11-2024 18:17

241123-wxg5aswlen 10

Sharing

General

Target

MrsMajor2.0.exe
Size

25.6MB
Sample

241123-wyxalswman
MD5

247a35851fdee53a1696715d67bd0905
SHA1

d2e86020e1d48e527e81e550f06c651328bd58a4
SHA256

5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d
SHA512

a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c
SSDEEP

786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2

Score

10^/10

discovery evasion exploit persistence trojan

Malware Config

Targets

- Target
  
  MrsMajor2.0.exe
- Size
  
  25.6MB
- MD5
  
  247a35851fdee53a1696715d67bd0905
- SHA1
  
  d2e86020e1d48e527e81e550f06c651328bd58a4
- SHA256
  
  5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d
- SHA512
  
  a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c
- SSDEEP
  
  786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2
Score

10^/10

discovery evasion exploit persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistencetrojan

behavioral2

discoveryevasionexploitpersistencetrojan